The tendency of users to store valuable information in their computers is growing with the sophistication and diversification of computer equipment usage and also with increased capacity of integrated storage media of computers. With computers installed in offices or the like where they are easily usable by persons other than specific users who are authorized for their use, there is a risk that valuable information will be revealed, lost or stolen. In order to prevent unauthorized access to a computer, it is well-known heretofore to register a password with the computer beforehand, and to use a password function for activating the computer only when a password entered at the time of power-on coincides with the registered password (for an example, see Published Unexamined Patent Application No. 8-263163).
However, to prevent such an unauthorized access to a computer by means of a password, it is necessary not only to input a password every time the computer is powered on, but also to keep the registered password from being revealed to persons other than the specific user. Because the input, operation and management of passwords are complicated, many users do not utilize the password function.
In addition, it is reported that, recently, about 70% of the crimes relating to the unauthorized accesses to computers are committed by insiders. Therefore, even if passwords are used, there is a possibility that a password may be known by the person attempting unauthorized access to a computer.
BIS (Boot Integrity Service) is an interface specification for safely performing remote boots to computers. It involves writing a BOAC (Boot Object Authorization Certificate containing information for authenticating whether a boot image down-loaded from a server to the computer is authorized.
A BOAC including a Public key and an Identifier, to be used at the time of remote boot, is installed in an EEPROM or the like when the computer is shipped from a factory. A system administrator changes the BOAC, which is written in the EEPROM of the computer used as a client, remotely to a unique one by using a Private key. But since the Private key is disclosed, there is a possibility that the computer is remote-booted and used without authorization after the computer is shipped from the factory and before the system administrator rewrites the BOAC. Then, there is no means for proving that the computer has not been used without authorization.
In addition, the problem of unauthorized access is not limited to computers. There is also a possibility that, for example, for information equipment such as PDAs (Personal Digital Assistants) and cellular phones that can be used as portable terminals and have various functions, inconvenience may result such as leakage of information resources by other persons' unauthorized accesses to information equipment.
Therefore, it is an object of the present invention to provide, a method for preventing an unauthorized access to information equipment.
It is another object of the present invention to provide means for allowing an authorized user to easily determine whether or not information equipment such as a computer or the like is used without authorization.